package com.funtl.screw.common.security.component;

import com.funtl.screw.common.core.constant.SecurityConstants;
import com.funtl.screw.common.security.service.ServiceUser;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;

import java.util.HashMap;
import java.util.Map;

/**
 * @author Lusifer
 * @since 2019-09-17
 * <p>
 * token增强，客户端模式不增强。
 */
public class ServiceTokenEnhancer implements TokenEnhancer {

    /**
     * Provides an opportunity for customization of an access token (e.g. through its
     * additional information map) during the process of creating a new token for use by a
     * client.
     *
     * @param accessToken    the current access token with its expiration and refresh token
     * @param authentication the current authentication including client and user details
     * @return a new token enhanced with additional information
     */
    @Override
    public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
        final Map<String, Object> additionalInfo = new HashMap<>(8);
        String clientId = authentication.getOAuth2Request().getClientId();
        additionalInfo.put(SecurityConstants.CLIENT_ID, clientId);
        additionalInfo.put(SecurityConstants.ACTIVE, Boolean.TRUE);

        // 客户端模式不返回具体用户信息
        if (SecurityConstants.CLIENT_CREDENTIALS.equals(authentication.getOAuth2Request().getGrantType())) {
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
            return accessToken;
        }

        ServiceUser metaUser = (ServiceUser) authentication.getUserAuthentication().getPrincipal();
        additionalInfo.put(SecurityConstants.DETAILS_USER_ID, metaUser.getUserId());
        additionalInfo.put(SecurityConstants.DETAILS_USERNAME, metaUser.getUsername());
        ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
        return accessToken;
    }

}
